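/**
 * Build an Express-style middleware that only lets a request through when one
 * of the roles on `req.user` carries a permission whose `code` strictly equals
 * `permissionCode`.
 *
 * The check fails closed: a missing `req.user`, missing or non-iterable
 * `roles` / `permissions`, or a null/undefined `permissionCode` all end in a
 * 403 response instead of an uncaught TypeError or an accidental match.
 *
 * NOTE(review): this middleware only reads `req.user`; it presumably relies on
 * an authentication middleware mounted earlier to populate and verify it.
 * Confirm that ordering wherever this is mounted.
 *
 * @param {*} permissionCode - Permission code required to access the route.
 * @returns {Function} Middleware `(req, res, next)` that calls `next()` when the
 *   permission is present and otherwise responds with 403 `{ message: 'Forbidden' }`.
 */
function authorize(permissionCode) {
    // Normalise anything iterable (array, Set, ...) to an array; everything else
    // becomes an empty list so malformed data simply yields no permissions.
    const asList = (value) =>
        value != null && typeof value[Symbol.iterator] === 'function' ? Array.from(value) : [];

    return (req, res, next) => {
        const roles = req.user ? req.user.roles : undefined;

        // A null/undefined permissionCode must never match: otherwise a permission
        // object that lacks a `code` field would satisfy `undefined === undefined`
        // and grant access.
        const hasPermission =
            permissionCode != null &&
            asList(roles).some((role) =>
                asList(role && role.permissions).some(
                    (permission) => permission != null && permission.code === permissionCode
                )
            );

        if (hasPermission) {
            next(); // permission found: hand over to the next handler
            return;
        }

        res.status(403).json({ message: 'Forbidden' });
    };
}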

// CommonJS export: the module's sole export is the `authorize` middleware factory.
module.exports = authorize;